Additional information and links
This topic includes links to relevant blog posts, technical documentation, and related information that can help you as you work with AWS Control Tower. The sources cover some common use cases and best practices for AWS Control Tower capabilities, and some additional enhancements.
Tutorials and labs
- AWS Control Tower lab – These labs provide a high-level overview of common tasks related to AWS Control Tower.
- On the AWS Control Tower dashboard, choose Get personalized guidance if you have a use case in mind but you're not sure where to start.
- Try visiting a curated list of YouTube videos that explain more about how to use AWS Control Tower functionality.
Networking
Set up repeatable and manageable patterns for networks in AWS. Learn more about design, automation, and appliances that are commonly used by customers.
- AWS Quick Start VPC Architecture – This Quick Start guide provides a networking foundation based on AWS best practices for your AWS Cloud infrastructure. It builds an Amazon Virtual Private Cloud (VPC) environment with public and private subnets where you can launch AWS services and other resources.
- Self-service VPCs in AWS Control Tower using AWS Service Catalog – This blog post describes a way to set up Account Factory so you can provision accounts with customized VPCs.
- Implementing Serverless Transit Network Orchestrator (STNO) in AWS Control Tower – This blog post demonstrates how to automate network connectivity access across accounts. It is intended for AWS Control Tower administrators, or those responsible for managing networks within their AWS environment.
Security, identity, and logging
Extend your security posture, integrate with external or existing identity providers, and centralize logging systems.
Security
- Automating AWS Security Hub Alerts with AWS Control Tower lifecycle events – This blog post describes how to automate Security Hub enablement and configuration in an AWS Control Tower multi-account environment on existing and new accounts.
- Enabling AWS Identity and Access Management – This blog post describes how to enhance your organizational security visibility by enabling and centralizing IAM Access Analyzer findings.
- AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. You can use it to share configuration information in a secure location, for use by AWS Systems Manager and by AWS CloudFormation. For example, you can store a list of Regions in which you want to deploy conformance packs.
Identity
- Link Azure AD user identity into AWS accounts and applications for single sign-on – This blog post describes how to use Azure AD with IAM Identity Center and AWS Control Tower.
- Manage access to AWS centrally for Okta users with AWS IAM Identity Center – This blog post describes how to use Okta with IAM Identity Center and AWS Control Tower.
Logging
- AWS Centralized Logging Solution – This solutions post describes the Centralized Logging solution, which enables organizations to collect, analyze, and display logs on AWS across multiple accounts and AWS Regions.
Deploying resources and managing workloads
Deploy and manage resources and workloads.
- Getting Started Library integration – This blog post describes Getting Started portfolios you can use.
- Continuous deployment of Cloud Custodian to AWS Control Tower
Working with existing organizations and accounts
Work with existing AWS organizations and accounts.
- Enroll an account – This user guide topic describes how to enroll an existing AWS account in AWS Control Tower.
- Bring an account under AWS Control Tower – This blog post describes how to deploy AWS Control Tower into your existing AWS organizations.
- Extend AWS Control Tower governance using AWS Config conformance packs – This blog post describes how to deploy AWS Config conformance packs to assist with bringing existing accounts and organizations into governance by AWS Control Tower.
- How to Detect and Mitigate Guardrail Violation with AWS Control Tower – This blog post describes how to add controls and how to subscribe to SNS notifications so that you can be notified by email of control compliance violations.
Automation and integration
Automate account creation and integrate lifecycle events with AWS Control Tower.
- Lifecycle events – This blog post describes how to use lifecycle events with AWS Control Tower.
- Automate account creation – This blog post describes how to set up automated account creation in AWS Control Tower.
- Amazon VPC flow log automation – This blog post describes how to automate and centralize Amazon VPC Flow Logs in a multi-account environment.
- Automate VPC tagging with AWS Control Tower lifecycle events – This blog post describes how to automate resource tagging for VPCs by means of lifecycle events in AWS Control Tower.
- Automated account management – This blog post describes how to automate account management tasks after your AWS Control Tower environment is set up.
Migrating workloads
Use other AWS services with AWS Control Tower to assist in workload migration.
- CloudEndure migration – This blog post describes how to combine CloudEndure and other AWS services with AWS Control Tower to assist in workload migration.
Related AWS services
AWS Control Tower acts as an orchestration layer for AWS Organizations. Therefore, by means of the AWS Organizations console and APIs, you have access to over 20 other AWS services that work with AWS Control Tower. These additional services are not accessible directly through the AWS Control Tower console.
- For a full list of services available to AWS Control Tower by means of AWS Organizations, see AWS services that you can use with AWS Organizations.
- To enable multi-account capabilities for these related AWS services, you must enable trusted access. For more information, see Using AWS Organizations with other AWS services.
Note
Remember that AWS IAM Identity Center, AWS Config, and AWS CloudTrail are set up for you in AWS Control Tower and fully integrated. You do not need to modify your trusted access or delegated administration settings for these services.
- Some AWS services available through AWS Organizations can use delegated administration, including AWS Systems Manager and AWS Firewall Manager. For more information, see Configuring a Delegated Administrator, and Enabling a delegated administrator account for Firewall Manager. Also see this video, Set up security groups with AWS Firewall Manager.
AWS Marketplace solutions
Discover solutions from AWS Marketplace.
- AWS Control Tower Marketplace – AWS Marketplace offers a broad range of solutions for AWS Control Tower to help you integrate third-party software. These solutions help solve key infrastructure and operational use cases, including identity management, security for a multi-account environment, centralized networking, operational intelligence, and security information and event management (SIEM).